On Wed, Feb 5, 2020 at 10:11 AM Dan Carpenter <[email protected]> wrote: > > On Wed, Feb 05, 2020 at 09:47:01AM -0800, Dan Williams wrote: > > On Wed, Feb 5, 2020 at 4:38 AM Dan Carpenter <[email protected]> > > wrote: > > > > > > Hello Dan Williams, > > > > > > The patch 4d88a97aa9e8: "libnvdimm, nvdimm: dimm driver and base > > > libnvdimm device-driver infrastructure" from May 31, 2015, leads to > > > the following static checker warning: > > > > > > drivers/nvdimm/bus.c:511 nd_async_device_register() > > > error: dereferencing freed memory 'dev' > > > > > > drivers/nvdimm/bus.c > > > 502 static void nd_async_device_register(void *d, async_cookie_t > > > cookie) > > > 503 { > > > 504 struct device *dev = d; > > > 505 > > > 506 if (device_add(dev) != 0) { > > > 507 dev_err(dev, "%s: failed\n", __func__); > > > 508 put_device(dev); > > > ^^^^^^^^^^^^^^^ > > > 509 } > > > 510 put_device(dev); > > > ^^^^^^^^^^^^^^ > > > 511 if (dev->parent) > > > 512 put_device(dev->parent); > > > 513 } > > > > > > We call get_device() from __nd_device_register(), I guess. It seems > > > buggy to call put device twice on error. > > > > The registration path does: > > > > get_device(dev); > > > > async_schedule_dev_domain(nd_async_device_register, dev, > > &nd_async_domain); > > > > ...and device_add() does its own get_device(). > > device_add() does its own put_device() at the end so it's a net zero. >
It does it's own, yes, but the put_device() after device_add() failure is there to drop the reference taken by device_initialize(). Otherwise, device_add() has always documented: * NOTE: _Never_ directly free @dev after calling this function, even * if it returned an error! Always use put_device() to give up your * reference instead. ...so what am I missing? _______________________________________________ Linux-nvdimm mailing list -- [email protected] To unsubscribe send an email to [email protected]
